Hackers likely caused a Dec. 23 electricity outage in Ukraine by remotely switching breakers to cut power, after installing malware to prevent technicians from detecting the attack, according to a report analyzing how the incident unfolded.
The report from Washington-based SANS ICS was released late on Saturday, providing the first detailed analysis of what caused a six-hour outage for some 80,000 customers of Western Ukraine's Prykarpattyaoblenergo utility.
SANS ICS, which advises infrastructure operators on combating cyber attacks, also said the attackers crippled the utility's customer-service center by flooding it with phone calls to prevent customers from alerting the utility that power was down.
"This was a multi-pronged attack against multiple facilities. It was highly coordinated with very professional logistics," said Robert Lee, a former U.S. Air Force cyber warfare operations officer who helped compile the report for SANS ICS. "They sort of blinded them in every way possible."
Experts widely describe the incident as the first known power outage caused by a cyber attack. Ukraine's SBU state security service blamed Russia, and U.S. cyber firm iSight Partners identified the perpetrator as a Russian hacking group known as "Sandworm."